Booking Holdings Romania - Senior Penetration Tester

Undelucram.ro on behalf of:BOOKING HOLDINGS ROMANIA SRLBooking Holdings Romania is a Center of Excellence based in Bucharest, Romania and was created to support the increasing business demands of the Booking Holdings Brands. The Center of Excellence provides access to specialized and highly skilled talent, leading industry best practices, and collaboration opportunities across all of our Brands.As part of our Booking Holdings Romania team, you will have the opportunity to be a part of the world’s leading provider of online travel, with a mission of making it easier for everyone to experience the world through five-primary consumer facing brands: Booking.com, Priceline, Agoda, KAYAK and OpenTable.The Senior Penetration Tester defines and leads the execution of highly technical and specialized engagements and designs new techniques of testing based on the evolution of industry best practices over time. They are both performing hands-on technical testing without requiring supervision and are coordinating teams of testers to ensure that the engagement objectives are met. They strengthen Booking Holdings brands security posture by proactively identifying vulnerabilities and security control gaps in our systems and applications.The Senior Penetration Tester provides critical input to the group's brands with the development of the security assurance strategic plan based on subject matter expertise to increase the impact and value added through this area of focus. The Senior Penetration Tester also helps further grow the security assurance area by mentoring other team members and members of other technical non-pentester communities within the Booking Holdings group. The Senior Penetration Tester has strong stakeholder management skills that enable effective communication of technical information to multi-level (up to CISO/CSO level), technical and non-technical audiences within the broader Booking Holdings organization.This role provides a hybrid way of working with an onsite presence of 2 days/week.Key Job Responsibilities and DutiesPlan and organize any externally and internally performed security assurance activitiesCoordinate security assurance engagements executed by external testersExecute security assurance engagement testingDocument and formally report the outcomes of the security assurance activities both to a technical and non-technical audienceAlign with Booking Holdings on the overall security assurance landscape for the GroupCoordinate and support the contractual relationship and alignment with external security assurance vendorsAlign business testing needs with timely and relevant threat information and verify the organization’s security posture against themPerform other duties as assignedResearch and innovate, regularly research and learn new TTPs, and apply this knowledge to update testing methodology and tools.Understand breach and attack simulation solutions, working with them to automate control validation and effectiveness.Liaise with security teams to mature prevention, detection, and response capabilitiesMentor and support junior teammatesRole Qualifications And Requirements5+ years of experience in information security5+ years of relevant hands-on experience in security assurance testing and engagement managementExpertise in at least one of the following areas: (Web) application security, infrastructure security, mobile securityExcellence in communicating business risk and remediation requirements from assessmentsExcellent stakeholder management skillsProficient in scripting languages such as Python, PowerShell, Bash, and Ruby and be able to create scripts that automate security testing processes, enhance efficiency, and uncover vulnerabilities.Competent with testing frameworks and toolsUnderstanding of OWASP, the MITRE ATT&CK framework and the software development lifecycle (SDLC).Analytical and problem-solving mindset.Highly organized and efficientExperience in offensive tacticsSoftware development experienceOne or more of the following certifications: OSCP, OSCE, GPEN, GWAPT, CEH, CISSP or a similar recognized certification in your domain of expertiseBenefits & PerksContributing to a high scale, complex, world renowned product and seeing real-time impact of your work on millions of travelers worldwideWorking in a fast-paced and performance driven cultureTechnical, behavioral and interpersonal competence advancement via on-the-job opportunities, experimental projects, hackathons, conferences and active community participationCompetitive compensation and benefits package Vast amounts of data to validate your ideas and the opportunity to experiment with real usersBooking Holdings is proud to be an equal opportunity workplace and is an affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We strive to move well beyond traditional equal opportunity and work to create an environment that allows everyone to thrive.Pre-Employment ScreeningIf your application is successful, your personal data may be used for a pre-employment screening check by a third party as permitted by applicable law. Depending on the vacancy and applicable law, a pre-employment screening may include employment history, education and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.